Category Archives: Apache

BadRabbit is a new strain of ransomware which is emerging and is reported to be infecting systems and networks in Russia and the Ukraine at the moment. BadRabbit is the latest network self-propagating malware, like NotPeyta and WannaCry, to use the NSA EternalRomance hacking tool. A massive new IoT botnet was discovered, its continued growth is fuelled by malware said to be more sophisticated than previous IoT botnet king, Mirai. Russian based threat actor group APT28 is said to be targeting the exploitation of a recently patched Adobe vulnerability (CVE-2017-11292), in using a malicious Microsoft Word attachment, so ensure you keep on top of your system patching and always be careful when opening email attachments. 

Finally, the UK National Cyber Security Centre (NCSC) released its first annual report, as it seeks to improve cybersecurity across the UK. Among NCSC achievements cited in the report are:

• The launch of Active Cyber Defence, credited with reducing average time a phishing site is online from 27 hours to 1 hour
• Led UK response to WannaCry
• Advice website with up to 100,000 visitors per month
• Three-day Cyber UK Conference in Liverpool
• 43% increase in visits to the Cyber Security Information Sharing Partnership (CiSP)
• Produced 200,000 physical items for 190 customer departments via UK Key Production authority to secure and protect communications of Armed Forces and national security
• 1,000 youngsters on CyberFirst courses and 8,000 young women on CyberFirst Girls competition.
• Worked with 50 countries, including signing Nato’s MoU

NEWS

• Equifax Data Breach Scale Increased / Caused by not Patching Apache Struts
• Equifax Credit Assistance Website Infected with Spyware
• NHS Cyber ‘WannaCry’ Attack Could Have Been Avoided With ‘Basic’ Security – NAO
• Yahoo Reveals all 3 Billion of its User Accounts were Breached
• Russian Hackers used Kaspersky software to gain info on U.S. Intel
• North Korea behind NHS WannaCry Attack after stealing US Cyber Weapons – Microsoft
• WannaCry: North Korea Denies Involvement in Ransomware Attack 
• North Korea Hacked South’s Secret Joint US War Plans
• North Korea Spear Phishing Campaign aimed at U.S. Power Grid
• Data on Australia F-35 fighter jets stolen in ‘Extensive’ Cyberattack
• Indian Government and Corporate Credentials found for sale on the DarkNet
• Hackers breached Pizza Hut website, Stole Financial Info of Customers
• Websites Hacked to Mine Crypto-Cash
• Artificial Intelligence Smart Enough to Fool the Captcha Security Check
• Cyber-Attack Threat as important as Fighting Terrorism says GCHQ
• Disqus Breach Exposed Info on 17.5M between 2007-2012
• EU Governments to warn Cyber Attacks can be an Act of War
• Iran is being blamed for a cyber-attack against Parliamentary Emails
• Heathrow Investigates after Security and Anti-Terror Data found on USB stick
• Vulnerabilities in WiFi WPA Protocol – Krack Attack
• Microsoft release 28 Critical Security Updates for IE/Edge, Office, JET, Skype & Windows
• Oracle patches 252 bugs, increase in E-Business Suite and PeopleSoft flaws
• Netgear Patches 50 Vulnerabilities, 20 rated as High Risk
• Google Patches 7 Flaws in Dnsmasq
• Apple issues New Security Update for macOS High Sierra
• No Adobe Patches this Month

AWARENESS, EDUCATION AND THREAT INTELLIGENCE

• BadRabbit: Latest Malware using the NSA Hacking tool EternalRomance to Propagate
• APT28 joins BlackOasis in exploiting latest Adobe Flash Vulnerability
• Massive IoT Botnet Infects over 1 Million Organisations: More Sophisticated than Mirai

REPORTS

• NCSC First Annual Review: 1,131 Cyber Attacks Reported
• DDoS 2017 Report: Dangerous Overconfidence

The post Cyber Security Roundup for October 2017 appeared first on Security Boulevard.

Continue reading Cyber Security Roundup for October 2017→